'Pay bitcoins or your network gets it' threats for NZ
'Pay bitcoins or your network gets it' threats for New Zealand organisations.
The New Zealand Internet Task Force (NZITF) advises that an unknown international group has this week begun threatening New Zealand organisations with Distributed Denial of Service (DDoS) attacks.
DDoS attacks are attempts to make an organisation’s Internet links or network unavailable to its users for an extended length of time.
This latest DDoS threat appears as an email threatening to take down an organisation’s Internet links unless substantial payments in the digital currency Bitcoin are made.
NZITF Chair Barry Brailey warns the threat is not an idle one and should be taken extremely seriously as the networks of some New Zealand organisations have already been targeted.
“The networks of at least four New Zealand organisations that NZITF knows of have been affected, so far. A number of Australian organisations have also been affected,” he says.
This unknown group of criminals have been sending emails to a number of addresses within an organisation. Sometimes these are support or helpdesk addresses, other times they are directed at individuals.
The emails contain statements threatening DDoS, such as:
“Your site is going under attack unless you pay 25 Bitcoin.”
“We are aware that you probably don't have 25 BTC at the moment, so we are giving you 24 hours.”
“IMPORTANT: You don’t even have to reply. Just pay 25 BTC to [...] again.”
The emails may also provide links to news articles about other attacks the group has conducted.
NZITF urges all New Zealand firms and organisations to be on the alert and consider the following:
• **Don’t pay**. Even if this stops a current attack, it makes your organisation a likely target for future exploitation as you have a history of making payments.
• Educate all staff to be on the lookout for any emails matching the descriptions above. Have them alert appropriate security personnel within the organisation as soon as possible.
• Establish points of contact with your Internet Service Providers (ISP) in the event that you need them to perform traffic filtering. Defense against many attack types is most effective when performed before it reaches your network. To date NZITF has had reports of organizations being able to handle these attacks effectively through collaboration with their ISPs.
• Establish a baseline of normal activity on your internal network to determine uncharacteristic levels of Internet traffic in the event of an attack. Report any attack to the appropriate authorities.
For more tech savvy organisations here are some additional steps to consider:
• Make use of DDoS mitigation services or content delivery networks to serve Web content. Solutions that specialize in protecting Web content may be more cost effective and, given the limited types of traffic that should be allowed, might be able to more aggressively drop malicious traffic.
• For DDoS attacks conducted over non-critical services (esp., SSDP and NTP), blocking the relevant ports may provide temporary mitigation.
ENDS
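The traffic-baseline step in the advisory, as an added sketch that is not part of the NZITF release: it builds a per-minute baseline of inbound bytes from flow records and flags minutes that exceed it, counting UDP from source ports 123 and 1900 separately because reflected NTP and SSDP traffic arrives from those ports. The flow tuple layout, the thresholds and the sample data are constructed assumptions, and the flows are assumed to be inbound only.

```python
from statistics import median

# Reflected traffic arrives as UDP *from* these source ports.
REFLECTION_SRC_PORTS = {123: "NTP", 1900: "SSDP"}

def threshold(samples, k=6.0, min_bytes=10_000):
    """Alert level: median + max(k*MAD, 25% of median, min_bytes).
    The floors keep a flat or all-zero baseline from alerting on noise."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    return med + max(k * mad, 0.25 * med, min_bytes)

def per_minute_totals(flows_by_minute):
    """{minute: [(proto, src_port, bytes), ...]} -> {counter: [bytes, ...]}."""
    totals = {"NTP": [], "SSDP": [], "other": []}
    for minute in sorted(flows_by_minute):
        counts = dict.fromkeys(totals, 0)
        for proto, src_port, nbytes in flows_by_minute[minute]:
            name = REFLECTION_SRC_PORTS.get(src_port) if proto == "udp" else None
            counts[name or "other"] += nbytes
        for name in totals:
            totals[name].append(counts[name])
    return totals

def detect(baseline_flows, current_flows, k=6.0):
    """Return [(minute, counter, bytes, limit)] for minutes above baseline."""
    limits = {n: threshold(v, k) for n, v in per_minute_totals(baseline_flows).items()}
    alerts = []
    for minute in sorted(current_flows):
        now = per_minute_totals({minute: current_flows[minute]})
        for name, limit in limits.items():
            if now[name][0] > limit:
                alerts.append((minute, name, now[name][0], round(limit)))
    return alerts

# Constructed sample data: six quiet minutes, then three minutes to evaluate.
BASELINE = {m: [("tcp", 443, 502_000 + 10_000 * (m % 3)), ("udp", 123, 480)]
            for m in range(6)}
CURRENT = {
    100: [("tcp", 443, 515_000), ("udp", 123, 480)],
    101: [("tcp", 443, 510_000), ("udp", 123, 48_000_000)],
    102: [("tcp", 443, 505_000), ("udp", 1900, 9_000_000), ("udp", 123, 480)],
}

if __name__ == "__main__":
    for alert in detect(BASELINE, CURRENT):
        print("above baseline: minute=%s counter=%s bytes=%s limit=%s" % alert)
```

A per-service breakdown like this gives the ISP contact something concrete to filter on when the alert names NTP or SSDP rather than only total volume.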